diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go index 0de56def87ef5..d457901e9526f 100644 --- a/cmd/kops/integration_test.go +++ b/cmd/kops/integration_test.go @@ -53,6 +53,11 @@ func TestMinimal_141(t *testing.T) { runTest(t, "minimal-141.example.com", "../../tests/integration/minimal-141") } +// TestPrivateWeave runs the test on a configuration with private topology, weave networking +func TestPrivateWeave(t *testing.T) { + runTest(t, "privateweave.example.com", "../../tests/integration/privateweave") +} + func runTest(t *testing.T, clusterName string, srcDir string) { var stdout bytes.Buffer @@ -71,12 +76,12 @@ func runTest(t *testing.T, clusterName string, srcDir string) { cloud.MockRoute53 = mockRoute53 mockRoute53.Zones = append(mockRoute53.Zones, &route53.HostedZone{ - Id: aws.String("123"), + Id: aws.String("/hostedzone/Z1AFAKE1ZON3YO"), Name: aws.String("example.com."), }) mockEC2.Images = append(mockEC2.Images, &ec2.Image{ - ImageId: aws.String("ami-12345"), + ImageId: aws.String("ami-12345678"), Name: aws.String("k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21"), OwnerId: aws.String(awsup.WellKnownAccountKopeio), }) diff --git a/tests/integration/minimal-141/kubernetes.tf b/tests/integration/minimal-141/kubernetes.tf index 7fc6b18cab64a..9f5e148ad343d 100644 --- a/tests/integration/minimal-141/kubernetes.tf +++ b/tests/integration/minimal-141/kubernetes.tf @@ -117,7 +117,7 @@ resource "aws_key_pair" "kubernetes-minimal-141-example-com-c4a6ed9aa889b9e2c39c resource "aws_launch_configuration" "master-us-test-1a-masters-minimal-141-example-com" { name_prefix = "master-us-test-1a.masters.minimal-141.example.com-" - image_id = "ami-12345" + image_id = "ami-12345678" instance_type = "m3.medium" key_name = "${aws_key_pair.kubernetes-minimal-141-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" iam_instance_profile = "${aws_iam_instance_profile.masters-minimal-141-example-com.id}" 
@@ -140,7 +140,7 @@ resource "aws_launch_configuration" "master-us-test-1a-masters-minimal-141-examp resource "aws_launch_configuration" "nodes-minimal-141-example-com" { name_prefix = "nodes.minimal-141.example.com-" - image_id = "ami-12345" + image_id = "ami-12345678" instance_type = "t2.medium" key_name = "${aws_key_pair.kubernetes-minimal-141-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" iam_instance_profile = "${aws_iam_instance_profile.nodes-minimal-141-example-com.id}" diff --git a/tests/integration/minimal/kubernetes.tf b/tests/integration/minimal/kubernetes.tf index b6845711aedef..579eb1bc6b9d3 100644 --- a/tests/integration/minimal/kubernetes.tf +++ b/tests/integration/minimal/kubernetes.tf @@ -117,7 +117,7 @@ resource "aws_key_pair" "kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663 resource "aws_launch_configuration" "master-us-test-1a-masters-minimal-example-com" { name_prefix = "master-us-test-1a.masters.minimal.example.com-" - image_id = "ami-12345" + image_id = "ami-12345678" instance_type = "m3.medium" key_name = "${aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" iam_instance_profile = "${aws_iam_instance_profile.masters-minimal-example-com.id}" @@ -140,7 +140,7 @@ resource "aws_launch_configuration" "master-us-test-1a-masters-minimal-example-c resource "aws_launch_configuration" "nodes-minimal-example-com" { name_prefix = "nodes.minimal.example.com-" - image_id = "ami-12345" + image_id = "ami-12345678" instance_type = "t2.medium" key_name = "${aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" iam_instance_profile = "${aws_iam_instance_profile.nodes-minimal-example-com.id}" diff --git a/tests/integration/privateweave/id_rsa.pub b/tests/integration/privateweave/id_rsa.pub new file mode 100755 index 0000000000000..81cb0127830e7 --- /dev/null +++ b/tests/integration/privateweave/id_rsa.pub 
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==
diff --git a/tests/integration/privateweave/in.yaml b/tests/integration/privateweave/in.yaml
new file mode 100644
index 0000000000000..8d7f4f03cac9f
--- /dev/null
+++ b/tests/integration/privateweave/in.yaml
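Review bot: `id_rsa.pub` is added with `new file mode 100755`, but a public-key fixture has no reason to be executable; it should be `100644` like the other files this commit adds. The key blob also decodes to a 1024-bit RSA modulus, which is tolerable only because the test runs against mock cloud services. Fixtures like this tend to be copied, so it is worth stating somewhere near the test that this is a throwaway key that must not be used for a real cluster.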
@@ -0,0 +1,78 @@
+apiVersion: kops/v1alpha1
+kind: Cluster
+metadata:
+ creationTimestamp: "2016-12-12T04:13:14Z"
+ name: privateweave.example.com
+spec:
+ adminAccess:
+ - 0.0.0.0/0
+ channel: stable
+ cloudProvider: aws
+ configBase: memfs://clusters.example.com/privateweave.example.com
+ etcdClusters:
+ - etcdMembers:
+ - name: us-test-1a
+ zone: us-test-1a
+ name: main
+ - etcdMembers:
+ - name: us-test-1a
+ zone: us-test-1a
+ name: events
+ kubernetesVersion: v1.4.6
+ masterInternalName: api.internal.privateweave.example.com
+ masterPublicName: api.privateweave.example.com
+ networkCIDR: 172.20.0.0/16
+ networking:
+ weave: {}
+ nonMasqueradeCIDR: 100.64.0.0/10
+ topology:
+ bastion:
+ enable: true
+ idleTimeout: 120
+ machineType: t2.medium
+ masters: private
+ nodes: private
+ zones:
+ - cidr: 172.20.32.0/19
+ name: us-test-1a
+ privateCIDR: 172.20.4.0/22
+
+---
+
+apiVersion: kops/v1alpha1
+kind: InstanceGroup
+metadata:
+ creationTimestamp: "2016-12-12T04:13:15Z"
+ name: master-us-test-1a
+ labels:
+ kops.k8s.io/cluster: privateweave.example.com
+spec:
+ associatePublicIp: true
+ image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+ machineType: m3.medium
+ maxSize: 1
+ minSize: 1
+ role: Master
+ zones:
+ - us-test-1a
+
+---
+
+apiVersion: kops/v1alpha1
+kind: InstanceGroup
+metadata:
+ creationTimestamp: "2016-12-12T04:13:15Z"
+ name: nodes
+ labels:
+ kops.k8s.io/cluster: privateweave.example.com
+spec:
+ associatePublicIp: true
+ image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+ machineType: t2.medium
+ maxSize: 2
+ minSize: 2
+ role: Node
+ zones:
+ - us-test-1a
+
+
diff --git a/tests/integration/privateweave/kubernetes.tf b/tests/integration/privateweave/kubernetes.tf
new file mode 100644
index 0000000000000..f5ff0bd69fd36
--- /dev/null
+++ b/tests/integration/privateweave/kubernetes.tf
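Review bot: Both InstanceGroup documents set `associatePublicIp: true` while the Cluster spec declares `masters: private` and `nodes: private`, so the fixture input contradicts itself. The expected Terraform in this commit has `associate_public_ip_address = false` on every launch configuration, so the field appears to be silently overridden rather than rejected. Either set `associatePublicIp: false` here or, if the override is the behaviour under test, say so in the `TestPrivateWeave` doc comment. Separately, `adminAccess: - 0.0.0.0/0` together with `bastion: enable: true` looks like the source of the world-open port 22 rule on the bastion ELB in the golden file; a narrower example CIDR would model the intended use of a bastion better.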
@@ -0,0 +1,529 @@ +resource "aws_autoscaling_attachment" "bastion-privateweave-example-com" { + elb = "${aws_elb.bastion-privateweave-example-com.id}" + autoscaling_group_name = "${aws_autoscaling_group.bastion-privateweave-example-com.id}" +} + +resource "aws_autoscaling_attachment" "master-us-test-1a-masters-privateweave-example-com" { + elb = "${aws_elb.api-privateweave-example-com.id}" + autoscaling_group_name = "${aws_autoscaling_group.master-us-test-1a-masters-privateweave-example-com.id}" +} + +resource "aws_autoscaling_group" "bastion-privateweave-example-com" { + name = "bastion.privateweave.example.com" + launch_configuration = "${aws_launch_configuration.bastion-privateweave-example-com.id}" + max_size = 1 + min_size = 1 + vpc_zone_identifier = ["${aws_subnet.private-us-test-1a-privateweave-example-com.id}"] + tag = { + key = "KubernetesCluster" + value = "privateweave.example.com" + propagate_at_launch = true + } + tag = { + key = "Name" + value = "bastion.privateweave.example.com" + propagate_at_launch = true + } +} + +resource "aws_autoscaling_group" "master-us-test-1a-masters-privateweave-example-com" { + name = "master-us-test-1a.masters.privateweave.example.com" + launch_configuration = "${aws_launch_configuration.master-us-test-1a-masters-privateweave-example-com.id}" + max_size = 1 + min_size = 1 + vpc_zone_identifier = ["${aws_subnet.private-us-test-1a-privateweave-example-com.id}"] + tag = { + key = "KubernetesCluster" + value = "privateweave.example.com" + propagate_at_launch = true + } + tag = { + key = "Name" + value = "master-us-test-1a.masters.privateweave.example.com" + propagate_at_launch = true + } + tag = { + key = "k8s.io/role/master" + value = "1" + propagate_at_launch = true + } +} + +resource "aws_autoscaling_group" "nodes-privateweave-example-com" { + name = "nodes.privateweave.example.com" + launch_configuration = "${aws_launch_configuration.nodes-privateweave-example-com.id}" + max_size = 2 + min_size = 2 + vpc_zone_identifier = 
["${aws_subnet.private-us-test-1a-privateweave-example-com.id}"] + tag = { + key = "KubernetesCluster" + value = "privateweave.example.com" + propagate_at_launch = true + } + tag = { + key = "Name" + value = "nodes.privateweave.example.com" + propagate_at_launch = true + } + tag = { + key = "k8s.io/role/node" + value = "1" + propagate_at_launch = true + } +} + +resource "aws_ebs_volume" "us-test-1a-etcd-events-privateweave-example-com" { + availability_zone = "us-test-1a" + size = 20 + type = "gp2" + encrypted = false + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "us-test-1a.etcd-events.privateweave.example.com" + "k8s.io/etcd/events" = "us-test-1a/us-test-1a" + "k8s.io/role/master" = "1" + } +} + +resource "aws_ebs_volume" "us-test-1a-etcd-main-privateweave-example-com" { + availability_zone = "us-test-1a" + size = 20 + type = "gp2" + encrypted = false + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "us-test-1a.etcd-main.privateweave.example.com" + "k8s.io/etcd/main" = "us-test-1a/us-test-1a" + "k8s.io/role/master" = "1" + } +} + +resource "aws_eip" "us-test-1a-privateweave-example-com" { + vpc = true +} + +resource "aws_elb" "api-privateweave-example-com" { + name = "api-privateweave" + listener = { + instance_port = 443 + instance_protocol = "TCP" + lb_port = 443 + lb_protocol = "TCP" + } + security_groups = ["${aws_security_group.api-elb-privateweave-example-com.id}"] + subnets = ["${aws_subnet.utility-us-test-1a-privateweave-example-com.id}"] + health_check = { + target = "TCP:443" + healthy_threshold = 2 + unhealthy_threshold = 2 + interval = 10 + timeout = 5 + } +} + +resource "aws_elb" "bastion-privateweave-example-com" { + name = "bastion-privateweave" + listener = { + instance_port = 22 + instance_protocol = "TCP" + lb_port = 22 + lb_protocol = "TCP" + } + security_groups = ["${aws_security_group.bastion-elb-privateweave-example-com.id}"] + subnets = 
["${aws_subnet.utility-us-test-1a-privateweave-example-com.id}"] + health_check = { + target = + healthy_threshold = + unhealthy_threshold = + interval = + timeout = + } +} + +resource "aws_iam_instance_profile" "masters-privateweave-example-com" { + name = "masters.privateweave.example.com" + roles = ["${aws_iam_role.masters-privateweave-example-com.name}"] +} + +resource "aws_iam_instance_profile" "nodes-privateweave-example-com" { + name = "nodes.privateweave.example.com" + roles = ["${aws_iam_role.nodes-privateweave-example-com.name}"] +} + +resource "aws_iam_role" "masters-privateweave-example-com" { + name = "masters.privateweave.example.com" + assume_role_policy = "${file("${path.module}/data/aws_iam_role_masters.privateweave.example.com_policy")}" +} + +resource "aws_iam_role" "nodes-privateweave-example-com" { + name = "nodes.privateweave.example.com" + assume_role_policy = "${file("${path.module}/data/aws_iam_role_nodes.privateweave.example.com_policy")}" +} + +resource "aws_iam_role_policy" "masters-privateweave-example-com" { + name = "masters.privateweave.example.com" + role = "${aws_iam_role.masters-privateweave-example-com.name}" + policy = "${file("${path.module}/data/aws_iam_role_policy_masters.privateweave.example.com_policy")}" +} + +resource "aws_iam_role_policy" "nodes-privateweave-example-com" { + name = "nodes.privateweave.example.com" + role = "${aws_iam_role.nodes-privateweave-example-com.name}" + policy = "${file("${path.module}/data/aws_iam_role_policy_nodes.privateweave.example.com_policy")}" +} + +resource "aws_internet_gateway" "privateweave-example-com" { + vpc_id = "${aws_vpc.privateweave-example-com.id}" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "privateweave.example.com" + } +} + +resource "aws_key_pair" "kubernetes-privateweave-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { + key_name = "kubernetes.privateweave.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" + public_key = 
"${file("${path.module}/data/aws_key_pair_kubernetes.privateweave.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")}" +} + +resource "aws_launch_configuration" "bastion-privateweave-example-com" { + name_prefix = "bastion.privateweave.example.com-" + image_id = "ami-12345678" + instance_type = "t2.medium" + key_name = "${aws_key_pair.kubernetes-privateweave-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + iam_instance_profile = "${aws_iam_instance_profile.masters-privateweave-example-com.id}" + security_groups = ["${aws_security_group.bastion-privateweave-example-com.id}"] + associate_public_ip_address = false + root_block_device = { + volume_type = "gp2" + volume_size = 20 + delete_on_termination = true + } + lifecycle = { + create_before_destroy = true + } +} + +resource "aws_launch_configuration" "master-us-test-1a-masters-privateweave-example-com" { + name_prefix = "master-us-test-1a.masters.privateweave.example.com-" + image_id = "ami-12345678" + instance_type = "m3.medium" + key_name = "${aws_key_pair.kubernetes-privateweave-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + iam_instance_profile = "${aws_iam_instance_profile.masters-privateweave-example-com.id}" + security_groups = ["${aws_security_group.masters-privateweave-example-com.id}"] + associate_public_ip_address = false + user_data = "${file("${path.module}/data/aws_launch_configuration_master-us-test-1a.masters.privateweave.example.com_user_data")}" + root_block_device = { + volume_type = "gp2" + volume_size = 20 + delete_on_termination = true + } + ephemeral_block_device = { + device_name = "/dev/sdc" + virtual_name = "ephemeral0" + } + lifecycle = { + create_before_destroy = true + } +} + +resource "aws_launch_configuration" "nodes-privateweave-example-com" { + name_prefix = "nodes.privateweave.example.com-" + image_id = "ami-12345678" + instance_type = "t2.medium" + key_name = "${aws_key_pair.kubernetes-privateweave-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + 
iam_instance_profile = "${aws_iam_instance_profile.nodes-privateweave-example-com.id}" + security_groups = ["${aws_security_group.nodes-privateweave-example-com.id}"] + associate_public_ip_address = false + user_data = "${file("${path.module}/data/aws_launch_configuration_nodes.privateweave.example.com_user_data")}" + root_block_device = { + volume_type = "gp2" + volume_size = 20 + delete_on_termination = true + } + lifecycle = { + create_before_destroy = true + } +} + +resource "aws_nat_gateway" "us-test-1a-privateweave-example-com" { + allocation_id = "${aws_eip.us-test-1a-privateweave-example-com.id}" + subnet_id = "${aws_subnet.utility-us-test-1a-privateweave-example-com.id}" +} + +resource "aws_route" "private-us-test-1a-privateweave-example-com" { + route_table_id = "${aws_route_table.private-us-test-1a-privateweave-example-com.id}" + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = "${aws_nat_gateway.us-test-1a-privateweave-example-com.id}" +} + +resource "aws_route" "wan" { + route_table_id = "${aws_route_table.main-privateweave-example-com.id}" + destination_cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.privateweave-example-com.id}" +} + +resource "aws_route53_record" "api-privateweave-example-com" { + name = "api.privateweave.example.com" + type = "A" + alias = { + name = "${aws_elb.api-privateweave-example-com.dns_name}" + zone_id = "${aws_elb.api-privateweave-example-com.zone_id}" + evaluate_target_health = false + } + zone_id = "/hostedzone/Z1AFAKE1ZON3YO" +} + +resource "aws_route_table" "main-privateweave-example-com" { + vpc_id = "${aws_vpc.privateweave-example-com.id}" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "main-privateweave.example.com" + } +} + +resource "aws_route_table" "private-us-test-1a-privateweave-example-com" { + vpc_id = "${aws_vpc.privateweave-example-com.id}" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "private-us-test-1a.privateweave.example.com" + } +} + 
+resource "aws_route_table_association" "main-us-test-1a-privateweave-example-com" { + subnet_id = "${aws_subnet.utility-us-test-1a-privateweave-example-com.id}" + route_table_id = "${aws_route_table.main-privateweave-example-com.id}" +} + +resource "aws_route_table_association" "private-us-test-1a-privateweave-example-com" { + subnet_id = "${aws_subnet.private-us-test-1a-privateweave-example-com.id}" + route_table_id = "${aws_route_table.private-us-test-1a-privateweave-example-com.id}" +} + +resource "aws_security_group" "api-elb-privateweave-example-com" { + name = "api-elb.privateweave.example.com" + vpc_id = "${aws_vpc.privateweave-example-com.id}" + description = "Security group for api ELB" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "api-elb.privateweave.example.com" + } +} + +resource "aws_security_group" "bastion-elb-privateweave-example-com" { + name = "bastion-elb.privateweave.example.com" + vpc_id = "${aws_vpc.privateweave-example-com.id}" + description = "Security group for bastion ELB" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "bastion-elb.privateweave.example.com" + } +} + +resource "aws_security_group" "bastion-privateweave-example-com" { + name = "bastion.privateweave.example.com" + vpc_id = "${aws_vpc.privateweave-example-com.id}" + description = "Security group for bastion" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "bastion.privateweave.example.com" + } +} + +resource "aws_security_group" "masters-privateweave-example-com" { + name = "masters.privateweave.example.com" + vpc_id = "${aws_vpc.privateweave-example-com.id}" + description = "Security group for masters" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "masters.privateweave.example.com" + } +} + +resource "aws_security_group" "nodes-privateweave-example-com" { + name = "nodes.privateweave.example.com" + vpc_id = "${aws_vpc.privateweave-example-com.id}" + description = "Security group for 
nodes" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "nodes.privateweave.example.com" + } +} + +resource "aws_security_group_rule" "all-bastion-to-master" { + type = "ingress" + security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.bastion-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "all-master-to-master" { + type = "ingress" + security_group_id = "${aws_security_group.masters-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.masters-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "all-master-to-node" { + type = "ingress" + security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.masters-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "all-node-to-master" { + type = "ingress" + security_group_id = "${aws_security_group.masters-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "all-node-to-node" { + type = "ingress" + security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "api-elb-egress" { + type = "egress" + security_group_id = "${aws_security_group.api-elb-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "bastion-egress" { + type = "egress" + security_group_id = 
"${aws_security_group.nodes-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "bastion-elb-egress" { + type = "egress" + security_group_id = "${aws_security_group.bastion-elb-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "bastion-to-master" { + type = "ingress" + security_group_id = "${aws_security_group.masters-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.bastion-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "https-api-elb" { + type = "ingress" + security_group_id = "${aws_security_group.api-elb-privateweave-example-com.id}" + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "kube-proxy-api-elb" { + type = "ingress" + security_group_id = "${aws_security_group.masters-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.api-elb-privateweave-example-com.id}" + from_port = 443 + to_port = 443 + protocol = "tcp" +} + +resource "aws_security_group_rule" "master-egress" { + type = "egress" + security_group_id = "${aws_security_group.masters-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "node-egress" { + type = "egress" + security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "ssh-external-to-bastion" { + type = "ingress" + security_group_id = "${aws_security_group.bastion-privateweave-example-com.id}" + source_security_group_id = "${aws_security_group.bastion-elb-privateweave-example-com.id}" + from_port = 22 + to_port = 22 + 
protocol = "tcp" +} + +resource "aws_security_group_rule" "ssh-external-to-bastion-elb" { + type = "ingress" + security_group_id = "${aws_security_group.bastion-elb-privateweave-example-com.id}" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_subnet" "private-us-test-1a-privateweave-example-com" { + vpc_id = "${aws_vpc.privateweave-example-com.id}" + cidr_block = "172.20.4.0/22" + availability_zone = "us-test-1a" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "private-us-test-1a.privateweave.example.com" + } +} + +resource "aws_subnet" "utility-us-test-1a-privateweave-example-com" { + vpc_id = "${aws_vpc.privateweave-example-com.id}" + cidr_block = "172.20.32.0/19" + availability_zone = "us-test-1a" + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "utility-us-test-1a.privateweave.example.com" + } +} + +resource "aws_vpc" "privateweave-example-com" { + cidr_block = "172.20.0.0/16" + enable_dns_hostnames = true + enable_dns_support = true + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "privateweave.example.com" + } +} + +resource "aws_vpc_dhcp_options" "privateweave-example-com" { + domain_name = "us-test-1.compute.internal" + domain_name_servers = ["AmazonProvidedDNS"] + tags = { + KubernetesCluster = "privateweave.example.com" + Name = "privateweave.example.com" + } +} + +resource "aws_vpc_dhcp_options_association" "privateweave-example-com" { + vpc_id = "${aws_vpc.privateweave-example-com.id}" + dhcp_options_id = "${aws_vpc_dhcp_options.privateweave-example-com.id}" +} \ No newline at end of file
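Review bot: The golden file pins `iam_instance_profile = "${aws_iam_instance_profile.masters-privateweave-example-com.id}"` on the `bastion-privateweave-example-com` launch configuration, so the SSH jump host reachable from `0.0.0.0/0` through the bastion ELB would carry whatever the masters role policy grants (the policy files are not in this diff); the bastion should get its own minimal profile or none. Two rules are also attached to the wrong group: `bastion-egress` and `all-bastion-to-master` both set `security_group_id` to `nodes-privateweave-example-com`, which leaves the bastion group with no egress rule and opens all ports from bastion to nodes under a name that says master. The bastion ELB `health_check` block is emitted with empty values (`target =`, `healthy_threshold =`, `interval =`, `timeout =`), which Terraform would not parse. Since this file is expected generator output, these are presumably generator defects, and committing them as the expected result makes the test assert them; both etcd volumes are likewise pinned at `encrypted = false`.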